Compliance, Defensibility & Usability of Information on a Global Stage
Monday, October 19, 2015, 9:00 – 10:30 AM
Global Legal Issues 1


1 Compliance, Defensibility & Usability of Information on a Global Stage
Monday, October 19, 2015, 9:00 – 10:30 AM
Global Legal Issues 1


4
- Nora Kurzova, Chief Privacy Officer, Data Privacy & Records Management, Tyco International Management Company
- Anthony Martin, Senior Associate General Counsel, Privacy & Information Security, Wal-Mart Stores
- Marty Provin, CIPP/US, Executive Vice President, Jordan Lawrence
- Andrea Arias, Attorney, Division of Privacy and Identity Protection, Federal Trade Commission

5 The views expressed herein do not represent the Federal Trade Commission or any of its Commissioners. All views and opinions are solely those of the individual speaker, are for informational purposes only, and do not constitute legal advice.

6 “Do The Right Thing”
- Defensibility of Decisions
- Comply with Laws & Requirements

7 What Does a Regulator Care About?
- Federal Agencies, States, ICO, CNIL
- Past Experience
- Future Experience

8 Andi's Top 6 List

9 Top 6 List
1. Storing information longer than needed when not necessary
2. Using default or easy-to-guess passwords
3. Storing or transmitting information in plain text
4. Failing to take steps to segment or restrict access to data
5. Failing to provide appropriate employee training or oversight
6. Failing to take reasonable steps to detect or investigate breaches

10 Risk Analysis Considerations
- Litigation
- Regulation
- Organizational Structure
- Geographic Footprint
- Past Experience

11–20 Risk Analysis Components
- Start with Security: What personal information do you have? Where is it? How long are you keeping it?
- Control Access to Data: How are you using personal information? Who has access to sensitive data?
- Require Passwords & Authentication: How is sensitive information protected?
- Store Securely & Protect in Transit: How is sensitive information being stored? How is sensitive information protected in transit?
- Segment Network & Monitor Intrusion: Are you using industry-tested, accepted methods?
- Secure Remote Access to Network: Who has access to what? Is information encrypted?
- Apply Sound Security Practices: Are policies written? Is compliance verified? Are employees adequately trained?
- Ensure Vendors Do the Same: Do you perform vendor risk assessments?
- Establish Processes/Procedures: What testing are you doing? Are you up to date on patches?
- Secure Paper/Physical Media: Do employees securely dispose of sensitive information?

21 Reporting Findings
- Who are you reporting to? (Executive Leadership Team; Board of Directors)
- How do you report?
- How do you make it relevant?

22 What Does Success Look Like?
- Tone at the Top
- Resources
- Open Communication

23 Information Management Committee
- Privacy
- Records Retention
- Information Security
- Litigation
- Business Intelligence
- Marketing


25 Resources
- Federal Trade Commission | www.FTC.gov: www.FTC.gov/TipsAndAdvice/PrivacyAndSecurity
- European Commission | www.ec.europa.eu: www.ex.Europa.eu/justice/dataprotection/datacollection/index_en.htm
- National Association of Corporate Directors | www.nacdonline.org: www.nacdonline.org/conference/?gclid+CMm4stOCIccCFQgtaQodCO8PhQ
- Federal Trade Commission | www.FTC.gov: www.ftc.gov/system/files/documents/plain-language/pdf0205-startwithsecurity.pdf

26
- Nora Kurzova, Tyco International Management Company, nkurzova@tyco.com, 609-806-2171
- Anthony Martin, Wal-Mart Stores, Anthony.Martin@walmartlegal.com, 479-277-6873
- Marty Provin, CIPP/US, Jordan Lawrence, mprovin@jordanlawrence.com, 636-778-1650
- Andrea Arias, Federal Trade Commission, aarias@ftc.gov, 202-326-2715
